Framework to Evaluate Your BCDR Plans

An organization’s resiliency is directly related to the effectiveness of its continuity capability. An organization’s continuity capability—its ability to perform its essential functions continuously—rests upon key components and pillars, which are in turn built on the foundation of continuity planning and program management. These pillars are Leadership, Staff, Communications, and Facilities. The Federal Continuity Directive (FCD) 1 provides direction to the Federal executive branch for developing continuity plans and programs. Continuity planning facilitates the performance of executive branch essential functions during all-hazards emergencies or other situations that may disrupt normal operations.

FCD2 provides further guidance and direction to Federal executive branch departments and agencies for identification of their Mission Essential Functions (MEFs) and potential Primary Mission Essential Functions (PMEFs). It also includes guidance on the processes for conducting a Business Process Analysis (BPA) and Business Impact Analysis (BIA) for each of the potential PMEFs that assist in identifying essential function relationships and inter-dependencies, time sensitivities, threat and vulnerability analysis, and mitigation strategies that impact and support the PMEFs.

Find out what's trending in BrightTALK's IT Security community and the challenges keeping security professionals up at night.

Join Wesley Simpson, COO of (ISC)², Dr. Christopher Pierson, Founder & CEO of BLACKCLOAK and Marija Atanasova, Sr. Content Strategist from BrightTALK for an interactive Q&A session to learn more about:
- The biggest trends in cyber security
- Trending topics from the beginning of the year
- The tools and challenges CISOs and security professionals deal with daily
- What to expect in the next 3, 6, 12 months

Small businesses are the low-hanging fruit of the cybercrime world. Operating a small business is tough work and requires the small business owner to be skilled in many areas of business, finance, tech, customer service, sales, fulfillment, and so on. Cybersecurity is only a part of what SMB owners need to know about in order to successfully run their business. However, the cybersecurity portion is often overlooked. As hackers and attackers are looking for people to scam and steal from, they look for the easiest targets first.

In this webinar, audiences will learn more about:
- The risks and real costs of ignoring your data security
- How it can cause you to go out of business
- Simple steps to take immediately to help improve your security

Be sure that you have a good grip on understanding what you need to do when it comes to protecting your small business from these threats.

And as an added bonus, you'll receive some valuable resources that you'll be able to use in the future as you discover, plan, and implement new security strategies in your own small business. Be #SmallBizCyber smart about your small business!

Most security solution buyers assume they’re protected against known malware. Numbers like 99.9% are common in vendors’ marketing materials. Hence, efficacy conversations tend to focus instead on the solution’s performance against the unknown, zero-day threats. However, with between half a million and one million new pieces of commodity malware created every day, how are antivirus solutions keeping up? Where is this database of signatures, hashes, reputation and behavior stored for over a billion known pieces of malware? Is the 99.9% number an illusion or reality?

In this webinar we will leverage a study of three leading antivirus products against 60,000 pieces of known new and old malware. The results will surprise you...

Does the ILOVEYOU virus from the year 2000 still pose a threat? You’ll have to join this webinar to find out.

In an age where cybersecurity threats are an everyday fact of life, organizations are looking for solutions that enable them to predict, prepare and react to the shifting landscape of cyber threats, and implementation of adaptive cyber security strategies is becoming inevitable to achieve that goal.

Adaptive cyber security methods allow for the simultaneous defense of multiple attack surfaces against this new wave of advanced cyber attacks targeting businesses and services. The NIST Cybersecurity Framework enables organizations — regardless of size, degree of cybersecurity risk, or cybersecurity sophistication — to apply the principles and best practices of risk management to improving security. Attend this CPE webinar to gain insights on:

- Getting a clear picture of the current health of your organization's defenses
- Defining your security road map using NIST CSF as a framework
- Conducting gap analysis and executing remediation actions
- Mapping the NIST CSF with security controls and built-in reporting templates that align with the framework.

There is an increasing need to provide evidence of cyber capability to provide confidence to regulators, boards, shareholders and other interested parties. In addition to providing confidence, there is also a requirement to provide evidence following a cyber security breach.

In order to provide this evidence we must develop international standards to allow businesses to provide it in a consistent manner. The supplier industry must help to promote these standards with support from governments and regulators.

Not all of the requirements for security are the same; there is therefore a need to create a process providing this evidence from basic cyber hygiene through to Critical National Infrastructure. The companies must be suitably accredited and the individuals must have appropriate credentials and experience.

Importantly the cyber security industry must move from simply being providers of advice to providing opinions. This will mean the industry must move to being accountable. This will in turn help to professionalise the industry.

Key takeaways:
- Need to provide evidence of cyber capability to regulators, boards, shareholders and other interested parties.
- Evidence following a cyber security breach is essential, but unstructured.
- International standards developed by supplier industry with support from governments and regulators.
- Evidence required from basic cyber hygiene through to Critical National Infrastructure is different.
- Cyber security industry must move from advisory to accountability; this is a massive change!

Today, most C-suite and boardroom discussions on cybersecurity are based on gut feelings and incomplete data. Many CIOs and CISOs are quite uncomfortable in these meetings, mainly because they know that they only have a vague idea about the enterprise’s overall cybersecurity picture and are forced to pretend they know what’s going on.

If a major cybersecurity incident happens, some senior executive becomes the scapegoat. Everyone agrees to increase cybersecurity spending and tighten things up. Then the cycle continues, but nothing really changes. How can we all do better?

Join Gaurav Banga, Founder and CEO of Balbix as he discusses:
- Behind-the-scenes deliberations in the board room
- Challenges in understanding and measuring the enterprise security posture
- What a mature and cyber-resilient security posture looks like
- How you can get there

Gaurav Banga, PhD is the founder and CEO of Balbix, and he also serves on the boards of several companies. Before founding Balbix, Gaurav was the co-founder and CEO of Bromium and led the company from its inception for more than five years.
Earlier in his career, Gaurav served in various executive roles at Phoenix Technologies and Intellisync Corporation. He was also co-founder and CEO of PDAapps, which was acquired by Intellisync in 2005. Gaurav started his industry career at NetApp. He has a doctoral degree in computer science from Rice University. He is a prolific inventor with more than 60 patents.

Join automation expert Joe Schreiber on March 20th as he shares his experiences automating himself out of a job (in a good way), and discusses where to start and how to avoid risk.

Joe will present his five steps and answer questions from the audience on how to:

- Collaborate with the rest of your team on automation
- Organize your multi-vendor toolbox and use APIs to ensure success
- Empower your teams to write reusable, value-driven code
- Leverage modern applications in containers, microservices, and serverless environments

Got questions? Send them to Joe ahead of time to be included in the discussion.

For the last 2 decades, technology security was delegated to the IT team. It was role specific and designated for one small subsection of the IT team. That mentality and way of thinking must change.

A paradigm shift is required for the whole organization. Every part of the organization contributes to the success or failure of the organization. Creating a security culture is not a one-time event, it is a new way of talking and acting.

Join this webinar with Heather Stratford, CEO of Stronger.tech to:
- Understand the steps that need to happen to create this culture
- See where your organization is on the scale of creating a Strong Security Culture
- Learn why creating a security-minded culture is an essential part of the "new" requirements for a CIO.

In this webinar, we will discuss not only the cost of data breaches but also the impact of breaches and lessons learned for businesses, trends to reduce the risks, and finally conclusions on how to prevent data breaches.

Successful security programs explain the situation, the risks, and the options available in a way that is both simple and true. Damrod draws on military analytical frameworks to develop map models that accurately depict the cyber terrain and guide the generation of a series of overlays. These build to create an Effects based plan suitable for Governance, Risk, and Compliance needs.

Join this webinar for an introduction to the cyber-as-conflict model developed by Damrod.

Cybersecurity, much like safety, cannot be achieved - it is an ongoing process that changes and adjusts to respond to the threat landscape, business needs and resources. As essential as a cybersecurity strategy is to the enterprise, so is its implementation.

Join us for an interactive Q&A panel with security leaders to learn more about how to operationalize cybersecurity.

There is too much fear and derision from the old guard of cybersecurity. Big breaches are used as justification for sales pitches and pedestals to mock the victims. While it is undeniable that cybercrime continues to grow, and the future of cyber conflict is contested, there is good cause to think we are doing better than we imagine.

And that we can win in the future.

No competitive team enters a contest with a ‘let’s catch up’ mentality. Leaders inspire us to victory. CISOs need to fill the role of champion and present a positive message – ‘we can win’.

Join this talk with industry thought leaders as we discuss the state of the conflict and emergent tactics from AI to insurance that promise to re-define cyber defence.

While the board ‘get cyber’, questions remain around embedding cyber risk management into business strategy execution. For many CISOs, strategy alignment represents the best opportunity to engage with the board and ensure a business-driven approach to managing cyber risk.

So how should business leaders develop, update and execute business strategy with so many cyber-related implications? How can organisations meet their business goals, against a backdrop of increasing cybersecurity costs, greater regulatory scrutiny and increased frequency and magnitude of data breaches?

In this webinar, Mark Chaplin, Principal, ISF will discuss the significance of aligning security strategy with business strategy. Mark will draw on executive engagement, exploring the essential factors for success and highlighting the pitfalls to avoid.

Bogdan Botezatu, Director of Threat Research and Reporting, Bitdefender

What threats can we expect to see in 2019, and how do we make sure we're prepared?

Join Bitdefender Director of Threat Research and Reporting, Bogdan Botezatu to discuss research-based predictions on the biggest threats of 2019. He'll walk through the future of cryptojacking, advanced persistent threats (APTs), network-level exploits, IoT attacks, and others and provide recommendations on the industry's best defenses against these threats.

Join us for this webinar that will present an advanced data science approach to detecting anomalous behavior in complex systems like the typical corporate network that your IT Security team is trying to defend. Generalized anomaly detectors, without tuning for a specific use case, almost always result in high false alarm rates that lead to analyst alert fatigue and a detector which is effectively useless. In this session, Brenden Bishop, Data Scientist at the Columbus Collaboratory, will present an open source tool and best practices for building specific, repeatable, and scalable models for hunting your network’s anomalies. Through iteration and collaboration, defenders can hone in on interesting anomalies with increasing efficiency.

Access control, a critical component of IT security compliance programs, ensures that organizations protect confidential information, like intellectual property and customer data. But your access management program can easily become outdated and static—especially if you rely on manual control testing and user access administration tasks.

By using robotics and process automation, or RPA, you can tackle some of the common challenges associated with access control programs. RPA works 24/7, reduces human error, and saves employees from manual, repetitive tasks. RPA might be the key to advancing your access control program.

Join this CPE webinar for insights into how you can reduce costs, increase efficiency and improve the effectiveness of your access control program with RPA. We will share:

- How to get started with an access control program.
- Ways to evaluate the right tools to automate processes at a task level, and align to your process automation strategy.
- Practical steps you can take to see value from advanced analytics in risk management, compliance, and continuous monitoring programs.
- How to embed governance, risk management, and controls into your enterprise’s mobilization and deployment of RPA, so you can catch issues before they arise.

Join us for this webinar that will recommend how to deal with your “big data” problem when dealing with the massive volume of raw, unprocessed data points from your network security sensors. Hint: don’t start with the data and attempt to drill down to the problem. Instead, as Slava Nitikin, Data Scientist from the Columbus Collaboratory, will explain, you must start by defining the problem, building a threat model, and then focusing on the corresponding signals in your sensor data. We will walk through the use case for an Active Directory password spraying attack to demonstrate how to define and apply appropriate filters to your security data for faster detection, more accurate threat scoring and more effective security overall.

This webinar from Women in CyberSecurity (WiCyS) and the Security Industry Association (SIA) will present the findings of The Cybersecurity Imperative research project produced by WSJ Pro Cybersecurity and ESI ThoughtLab and sponsored by SIA. We will share insights into how 1,000-plus organizations around the globe measure their cybersecurity preparedness and how they are preparing for future cyber threats.

In this 45-minute program, we’ll also share a new tool that allows you to compare your own organization’s preparedness to the aggregated data of study participants.

Are traditional awareness raising campaigns (e.g. CBT, phishing simulations) affording sufficient protection against ever-evolving cyber-attacks? With human errors being the #1 cause of security incidents and data breaches, it is now a CISO imperative to tackle behavioural change and effectively manage the human risk. This recognised need reflects the acceptance that how the workforce behaves is dependent on the shared beliefs, values and actions of its employees, and that this includes their attitudes towards cybersecurity.

Key topics covered in this presentation:
• People-related challenges and frustrations the industry is facing
• Why a new approach to awareness and culture is required
• Innovative approaches adopted by leading organisations

Your organisation can only be secure if you make people your strongest defence. Attend this session to discuss how to turn your human risk into your biggest advantage in cyber security!

Flavius Plesu:
A business-focused cyber security leader, Flavius has held senior security positions both within the public and the private sector and has led a number of enterprise-wide security transformation programmes in complex global organisations. Passionate about solving real industry problems, cultivating and building teams to deliver on the organisation’s mission, values and goals.

Alongside his role as a Head of Information Security at Bank of Ireland UK, Flavius is also one of the Founders of OutThink, a team of CISOs and security practitioners who are changing the way in which organisations engage with their employees to shape behaviours and manage human risk in the context of cyber security.

Today’s organizations face a cybersecurity landscape more difficult to navigate than ever before. When it comes to data breaches, the risk for organizations is high, from the easily calculable costs of notification and business loss to the less tangible effects on a company's brand and customer loyalty. With large-scale data breaches continuing to make the headlines in 2018, organizations must be proactive, not reactive, in the face of looming cyber threats. Proactive threat intelligence can enable organizations to prevent breaches or compromises before they occur.

On this webinar our panel of experts will discuss some critical actions organisations can consider to prevent a data breach, and attendees will learn:

- Strategies you can implement now to help you protect against a breach.
- Best practices for gathering the intelligence to predict and prevent attacks.
- How to use threat intelligence to improve your organization’s security posture and reduce the risk of an attack.
- Steps to fortify your last line of defense.

This channel features presentations by leading experts in the field of information security. From application, computer, network and Internet security to access control management, data privacy and other hot topics, you will walk away with practical advice for your strategic and tactical information security initiatives.